Redirect to https:// not working – bug report


first off, I apologize for having not responded a question about my previous bug report (identical to this one -- almost :slight_smile: I'll try to be more elaborate this time around )

it was here:

and I really am sorry, please excuse me

this time, I did the same thing:
installed a new server, debian 10, and installed certbot, following exactly the instructions at this page:

and then I ran it,
and checked my virtual host file...
and I found the same "error" (problem)

which is:
in the mydomain-le-ssl.conf file,
after the ENDING "if_module" tag, which starts at the top of the page like this:

"IfModule mod_ssl.c
VirtualHost ip_address:443"

so, under

this appears:
IfModule mod_ssl.c
VirtualHost ip_address:80

AND the entire text which exists in
is placed here...

and I believe that this is the product of an erratic behavior... somehow...

I guess, apache can be configured in various ways...
the convention I follow is to have two separate files for the
"port-80" normal web connection, and the SSL connection...
mydomain.conf and mydomain-le-ssl.conf, respectively...

and in this case, the text (code) from mydomain.conf shouldn't appear in mydomain-le-ssl.conf

whatever happens, the "port-80" connection's config text
shouldn't appear in a mod_ssl.c tag, right? :slight_smile:

like this...
IfModule mod_ssl.c
VirtualHost ip_address:80

if this is not a bug, I'm sorry... but it really looks like that to me...

and once again, I'm sorry I didn't reply to that question..


it is because of this unwanted block of config code in the mydomain-le-ssl.conf file which screws up the "redirect permanent" command line (=makes it not to work)
hence the subject of this report

PS 2: I removed the code "brackets" (?) the less or larger than signs :slight_smile: so that the code would be visible here...


Hello :slightly_smiling_face:

I've actually witnessed this same bug myself in a few help cases I've worked here, but have no definitive answers yet. You are correct that this is not intended behavior. What version of certbot are you running (certbot --version)?

When posting code, you can put it inside a block, like this:



It will then appear like so:


That is by far the most perceptive (and possible understated) statement in this topic.
Apache will attempt to run at all costs.
In my experience, it is usually where most of the problems exist.
We should have a look at your entire Apache configuration.


version: 1.17.0

(the same on both servers where I've encountered this)


okay... tell me what exactly you need (i've attached the 2 vhost config files)

once again, this is certbot version 1.17.0,
and I've never had this before

as to the outline of the apache config:



I use "sites-available" and "sites-enabled", in the latter there are symlinks to files in the former... created by apache when "a2ensite" is issued

once the "https" works, I'll uncomment a "redirect permanent" line in the port:80 file (domain.conf)
above the "Directory" block, under the virtual host

NOTE: certbot tends to use redirect engine, at the bottom of the config code block...
BUT, it/she/he :slight_smile: always realizes, in my case, that "there's already a redirection" in the config... so, this part works well and intelligently...

--- PS / some SPECULATION:

my obvious "guess", if I may:
certbot creates the domain-le-ssl.conf file from domain.conf
so, it seems logical to suppose that the problem happens in
this copy-pasting process...

cause there are 3 "text" blocks...
A: (.conf-file) virtualhost config block for port:80
B: (le-ssl.conf) virtualhost copy-pasted AND modified config block for port:443
C: (le-ssl.conf) virtualhost copy-pasted BUT NOT modified config block below the "good" block... in a wrong (port:443) tag

I'd suppose that the "443" tag is key trace...
cause what happens appears to be NOT:

  1. a copy-paste 2x (instead of one)
  2. a modification -- find & replace


  1. a copy-paste
  2. a modification -- which includes a copy-paste within the file, so there will be a "temporary config-block", above which the "result code block" is being generated

and perhaps this "temporary block" is NOT deleted when it should be...
and it's nicely wrapped up in the appropriate virtualhost tags...

---- attachments:
vhost.conf.txt (721 Bytes)
vhost-le-ssl.conf.txt (887 Bytes)


Please show the output of:
apachectl -S


Make that:

sudo apachectl -S


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.